%global gem_name actionview
%global bootstrap 0
Name: rubygem-%{gem_name}
Version: 4.2.3
Release: 6%{?dist}
Summary: Rendering framework putting the V in MVC (part of Rails)
Group: Development/Languages
License: MIT
URL: http://www.rubyonrails.org
Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
# git clone http://github.com/rails/rails.git
# cd rails/actionview/
# git checkout v4.2.3
# tar czvf actionview-4.2.3-tests.tgz test/
Source1: %{gem_name}-%{version}-tests.tgz
# Fix CVE-2016-0752 Possible Information Leak Vulnerability
# https://bugzilla.redhat.com/show_bug.cgi?id=1301964
Patch0: rubygem-actionview-4.2.3-CVE-2016-0752-fix-possible-information-leak-vulnerability.patch
Patch1: rubygem-actionview-4.2.3-CVE-2016-0752-fix-possible-information-leak-vulnerability-tests.patch
# Fix rails-html-sanitizer v1.0.3 compatiblity.
# https://github.com/rails/rails/pull/23242
Patch2: rubygem-actionview-4.2.6-Fix-sanitizer-tests.patch
# Fix CVE-2016-2098: Code injection vulnerability.
# https://bugzilla.redhat.com/show_bug.cgi?id=1310054
Patch3: rubygem-actionview-4.2.5.2-secure_inline_with_params.patch
Patch4: rubygem-actionview-4.2.5.2-secure_inline_with_params-tests.patch
# Fix CVE-2016-6316 cross-site scripting flaw in Action View
# https://bugzilla.redhat.com/show_bug.cgi?id=1366480
Patch5: rubygem-actionview-4.2.7.1-CVE-2016-6316-attribute-xss.patch
Patch6: rubygem-actionview-4.2.7.1-CVE-2016-6316-attribute-xss-tests.patch
Patch7: rubygem-actionview-4.2.7.1-CVE-2016-6316-ensure-values.patch
Patch8: rubygem-actionview-4.2.7.1-CVE-2016-6316-ensure-values-tests.patch
BuildRequires: ruby(release)
BuildRequires: rubygems-devel
%if 0%{bootstrap} < 1
BuildRequires: rubygem(activesupport) = %{version}
BuildRequires: rubygem(activerecord) = %{version}
BuildRequires: rubygem(actionpack) = %{version}
BuildRequires: rubygem(railties) = %{version}
BuildRequires: rubygem(sqlite3)
BuildRequires: rubygem(minitest)
BuildRequires: rubygem(mocha) >= 0.9.8
%endif
BuildArch: noarch
%description
Simple, battle-tested conventions and helpers for building web pages.
%package doc
Summary: Documentation for %{name}
Group: Documentation
Requires: %{name} = %{version}-%{release}
BuildArch: noarch
%description doc
Documentation for %{name}.
%prep
gem unpack %{SOURCE0}
%setup -q -D -T -n %{gem_name}-%{version}
gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec
%patch0 -p2
%patch3 -p2
%patch5 -p2
%patch7 -p2
%build
gem build %{gem_name}.gemspec
%gem_install
%install
mkdir -p %{buildroot}%{gem_dir}
cp -pa .%{gem_dir}/* \
%{buildroot}%{gem_dir}/
%if 0%{bootstrap} < 1
%check
pushd .%{gem_instdir}
tar xzvf %{SOURCE1} -C .
patch -F 0 -p2 < %{PATCH1}
patch -p2 < %{PATCH2}
patch -p2 < %{PATCH4}
patch -p2 < %{PATCH6}
patch -p2 < %{PATCH8}
# This requires rails git structure and only requires bundler in the end
sed -i "s|require File.expand_path('../../../load_paths', __FILE__)||" ./test/abstract_unit.rb
sed -i '16,18d' ./test/active_record_unit.rb
# Run separately as we need to avoid superclass mismatch errors
ruby -Ilib:test -e "Dir.glob('./test/{actionpack,activerecord,lib}/*_test.rb').each {|t| require t}"
ruby -Ilib:test -e "Dir.glob('./test/template/*_test.rb').each {|t| require t}"
popd
%endif
%files
%dir %{gem_instdir}
%{gem_libdir}
%exclude %{gem_cache}
%{gem_spec}
%doc %{gem_instdir}/MIT-LICENSE
%files doc
%doc %{gem_docdir}
%doc %{gem_instdir}/README.rdoc
%doc %{gem_instdir}/CHANGELOG.md
%changelog
* Tue Aug 16 2016 Jun Aruga <jaruga@redhat.com> - 4.2.3-6
- Fix for CVE-2016-6316 (rhbz#1366480)
* Mon Mar 07 2016 Vít Ondruch <vondruch@redhat.com> - 4.2.3-5
- Apply the security fix properly!
* Mon Mar 07 2016 Vít Ondruch <vondruch@redhat.com> - 4.2.3-4
- Fix rails-html-sanitizer v1.0.3 compatiblity.
- Fix code injection vulnerability (CVE-2016-2098).
* Thu Jan 28 2016 Pavel Valena <pvalena@redhat.com> - 4.2.3-3
- Fix CVE-2016-0752 Possible Information Leak Vulnerability - rhbz#1301964
* Wed Jul 01 2015 Josef Stribny <jstribny@redhat.com> - 4.2.3-2
- Enable tests
* Tue Jun 30 2015 Josef Stribny <jstribny@redhat.com> - 4.2.3-1
- Update to actionview 4.2.3
* Tue Jun 23 2015 Josef Stribny <jstribny@redhat.com> - 4.2.2-2
- Run tests
* Mon Jun 22 2015 Josef Stribny <jstribny@redhat.com> - 4.2.2-1
- Update to actionview 4.2.2
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Fri Mar 20 2015 Josef Stribny <jstribny@redhat.com> - 4.2.1-2
- Run tests
* Fri Mar 20 2015 Josef Stribny <jstribny@redhat.com> - 4.2.1-1
- Update to actionview 4.2.1
* Fri Feb 13 2015 Josef Stribny <jstribny@redhat.com> - 4.2.0-2
- Run tests
* Mon Feb 09 2015 Josef Stribny <jstribny@redhat.com> - 4.2.0-1
- Update to actionview 4.2.0
* Mon Aug 25 2014 Josef Stribny <jstribny@redhat.com> - 4.1.5-1
- Update to actionview 4.1.5
* Fri Jul 04 2014 Josef Stribny <jstribny@redhat.com> - 4.1.4-1
- Update to actionview 4.1.4
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 22 2014 Josef Stribny <jstribny@redhat.com> - 4.1.1-1
- Update to ActionView 4.1.1
* Tue Apr 15 2014 Josef Stribny <jstribny@redhat.com> - 4.1.0-2
- Unpack test suite in %%check
- Adjust tests to run with all dependencies
* Thu Apr 10 2014 Josef Stribny <jstribny@redhat.com> - 4.1.0-1
- Initial package